Aspirant

OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

I have a Nighthawk X6 R7900 with Firmware V1.0.3.18_10.0.42.

 

I'm trying to set up a VPN. I don't know what I'm doing. I keep getting the error:

 

OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

 

I've read a lot of very complicated solutions that don't seem to apply to my router. Anyone have a relatively simple way to either change the certificate Netgear generates or force OpenVPN to accept the md5 certificate?

Message 1 of 5
Aspirant

Re: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

I updated to V1.0.4.22_10.0.44, re-downloaded the certificates and got the same message.

Message 2 of 5
Aspirant

Re: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

Currently got the same issue with:


Hardware: D7000

Firmware: V1.0.1.78_1.0.1

 

In a nutshell, Netgear appear to be using outdated and less secure VPN certificate generation. I'm thinking about getting a Raspberry Pi to do the VPN instead so it's secure. It would be nice to see this issue fixed by Netgear though, as it's a security problem as far as I can see.

Message 3 of 5
Aspirant

Re: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

On the VPN Service tab in the router settings, I changed from Auto to Home Network Only and re-downloaded the configuration package and reran it on the client and that seemed to work. It was able to connect! I'm not sure what now. I can see my media servers on the client, but can't access any files. I guess I'll do some digging on that, but thought I would pass along some info. Hope it helps.

Message 4 of 5
Aspirant

Re: OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

Morning!

 

Should have replied sooner, thanks for the suggestion. I wasn't able to get that working on my system. I have however found a way into the router using Python and telnet which allows you to look around the file system in the router using the following two links:

 

https://articles.inqk.net/2018/03/02/netgear-openvpn-keys.html

 

...or the following from a Windows perspective:

 

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Netgear-R7000-and-OpenVPN-for-Android-App/td...

 

I've recently found where the log and config files are stored for OpenVPN on the router. If you run the following command once in telnet (username and password the same you'd use to administer the router over the web) you will find all of the files or directories with openvpn in the name, case insensitive.

 

# find / -iname '*openvpn*'

 

For me on the D7000 (appears to have been treated as a poor relation in comparison to R7000 which is reported to have had the encryption issue sorted) that find command reports the following:

 

/tmp/openvpnd.pid
/tmp/openvpn_log
/tmp/openvpn
/usr/sbin/rc_app/rc_openvpn
/usr/sbin/openvpn
/usr/openvpn
/www.eng/openvpn_h.htm
/www.eng/openvpn.html

 

Having a look at the log /tmp/openvpn_log using vi I was able to locate two config files for the openvpn server:

 

config = '/etc/server.conf'

config = '/etc/server_phone.conf'

 

In all honesty I'm not a network or time served 'IT guy' so I'm now in the process of walking through those config files to see how the openvpn server is configured, and then correct the process in the earlier shared link in order to try and get some keys/certificates that work!

 

Message 5 of 5